Cyber-attacks can cost businesses huge amounts of money; having robust cyber defence systems has therefore become a must. Today, defence systems are not confined to the perimeter of networks but go deep inside an organisation, looking at user behaviour, checking where data is going and even what an employee is doing when they are away from the network.
Although security in depth has become a buzzword, it brings with it great complexity, as most systems do not talk to each other. Monitoring systems, such as Security Information and Event Management (SIEM) platforms, fail because they are only able to alert an operative to a problem, and so are only as good as the person who reacts to that alert, if they are even looking! Given that cyber-attacks are mostly automated, the delay in reacting to an attack allows the threat to gain a hold before an organisation has even started to assemble a defence.
Having varied security systems also creates problems, such as a lack of knowledge of the differing products, both in terms of their use and an understanding of what they are showing. Often, this is because the installing team has left the organisation and the relevant system knowledge has been lost, making the systems harder to maintain and making it harder to react to any issues that may follow.
Frequently, new security systems are brought in and placed on top of the old ones to plug any perceived gaps. The cycle continues with more layers of defence: ‘the tiers of doom’!
This ‘tier of doom’ scenario results in uncontrollable costs, leaving organisations exposed to attacks. Stopping this cycle is key to improving the cyber security position and can be achieved by ‘thinking smart’.
Using technology to control technology, and closing the skills shortage gap, can be achieved by using a cyber management platform (or Shield) that presents warnings, actions, and results in a single-pane-of-glass view. This enables experienced cyber teams to work on one platform, rather than having to learn and remember, say, 20 different dashboards. It shows all the results and consequences of events happening in real time and advises on appropriate action.
Many attacks stem from multiple vectors, all automated and programmed, which means cyber defence teams need many ‘eyes-on’ the defence perimeters. That is not always possible in our resource-light cyber team environment. Defence needs to be automated, using appropriate levels of authority and response. Because a cyber management system is connected to every defence technology within the network, it can automatically instruct those systems to neutralise attacks, using playbooks designed around a company’s defence policy.
A one-vendor approach, taken in the hope that the vendor’s offering in a particular area is good, is not always the best solution and is not necessarily the most cost-effective either. A cyber management platform can empower an organisation to pick the best product it can afford, without the worry of training its staff or being forced to pay for expensive bolt-ons just to keep support contracts simple.
Cyber management systems can also take away the requirement for compatible systems to be a driver; even legacy systems can be brought back into a cyber defence strategy. This saves money and breaks the ‘tier of doom’, as cyber teams can get on with understanding what they have, learning from the actions recommended by the platform.
No one can remember every aspect of every system within a network, especially if they haven’t logged on to the system in, say, six months. The speed and frequency of attacks are moving beyond normal controls. Couple this with the demands of day-to-day procedures such as patching, fault finding, opening ports to accommodate new business projects etc., and the pressures and distractions are great.
A cyber management system that sits in the centre of connected networks, seeing all, listening to all, speaking to all, and controlling all, must be a game changer in the cyber defence armoury whilst not ‘breaking the bank’!